Position: Risk Analyst
Location: Madison, NJ 07940
Term: 4 Months
- Understand complex business and information technology management processes. Identify and evaluate technology risks at third parties. Develop an understanding of the third parties' IT control environment and perform basic risk management approaches to evaluate their IT controls. Actively participate in decision making with third parties and management for mitigating identified deficiencies and seek to understand the broader impact of the decisions made.
- Interface with all levels of management and technical and business sources. Responsible for understanding the business processes and technology used within the assigned areas to ensure that the business is in compliance with regulatory requirements and Information Security Policy and applicable procedures, processes and standards.
- Provide oversight to company's business units in assessing and managing third-party relationship risk.
- Manage due diligence required for on-boarding and recertification of risk and ongoing monitoring of assigned third party relationships.
- Conduct and publish annual due diligence and risk assessment reports of third parties within their scope of duties.
- Ensure third-party relationships adhere to company's policies and are compliant with regulatory guidelines and industry best practices.
- Champion new Third Party Risk Management (TPRM) initiatives and work to remove organizational barriers.
- Effectively liaise with other company subject matter experts to provide guidance on third party relationship risk management.
- Provide support and expertise to business owners on third-party-relationship management.
- Responsible for quality and timely processing of third-party-related requests and activities.
- Provides consulting services on highly-complex and technical risk control-related issues to management teams at all levels in area of responsibility.
- Partner with business units to ensure vendor engagements are appropriately risk assessed, and identified risks are suitably monitored and mitigated in line with Realogy's risk appetite, including the identification of risk concerns and the recommendation of control enhancements.
- Document assessment template, follow up on outstanding deliverables, and score the assessment with an overall rating.
- Ensure that potential issues are raised promptly to senior management with a view to identify options to mitigate risk.
- Routinely handles exceptional/unusual situations.
- Develop and maintain effective relationships with key Business partners.
- Help maintain and review reports from system of record for the Program with the most timely and accurate information available, including the review and dispositioning of questionnaires, attestations, due diligence reports, and other records and information in the Third-party risk system of record.
- Enhance policy, process, workflows, and procedures as necessary in order to improve efficiency and mitigate risk.
Requirements and Qualifications
- Ability to keep up with third-party-relationship due diligence and risk assessment mechanisms to effectively liaise with and provide guidance to subject-matter experts
- Strong communication skills, verbal and written, particularly the ability to summarize issues and facilitate action
- Strong relationship management, project management and analytical skills
- Ability to work with, lead, and consult with all levels in the organization up to and including executives, and to operate effectively in a team environment as well as independently
- Ability to organize and prioritize multiple deliverables while working with minimal supervision in a large, global corporate environment
- Skills to analyze data, reports and processes and draw relevant conclusions
- Basic understanding of types of cloud technologies (SaaS, PaaS, IaaS)
- Ability to communicate clearly and concisely, both orally and in writing
- Strong judgment, organizational, decision making, project management and interpersonal skills.
- Minimum of 7 years' experience in audit, compliance, risk management, vendor management, project management or quality control
- Self-motivated, well-organized individual.
- Demonstrated experience working under time constraints.
- Demonstrated experience handling multiple tasks in support of various assignments.
- Demonstrated experience managing and supporting projects.
- Demonstrated experience working individually as well as a member of a team.
- Experience with Shared Assessments evaluations
- Demonstrate professional skepticism to ensure evidence is sufficient when assessing the relevant controls
- Communicate and present concisely and effectively based on the appropriate level of management
- Demonstrate solid knowledge of information security risks and countermeasures and NIST, ISO, SOX and other information security and control frameworks.
- Demonstrate effective verbal and written communication skills for the purpose of explaining technical information to users, vendors, senior management and staff and ability to apply knowledge and deductive reasoning.
- Strong attention to detail.
- Strong relationship and facilitation skills.
- Proficient with Microsoft Word, Excel, PowerPoint
- Fluent in English
- Able to work 9am to 5pm Eastern Standard Time